1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2000-2003 Silicon Graphics, Inc.
4  * All Rights Reserved.
5  */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_format.h"
9 #include "xfs_log_format.h"
10 #include "xfs_shared.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_mount.h"
14 #include "xfs_defer.h"
15 #include "xfs_inode.h"
16 #include "xfs_bmap.h"
17 #include "xfs_quota.h"
18 #include "xfs_trans.h"
19 #include "xfs_buf_item.h"
20 #include "xfs_trans_space.h"
21 #include "xfs_trans_priv.h"
22 #include "xfs_qm.h"
23 #include "xfs_trace.h"
24 #include "xfs_log.h"
25 #include "xfs_bmap_btree.h"
26 #include "xfs_error.h"
27 #include "xfs_health.h"
28 
29 /*
30  * Lock order:
31  *
32  * ip->i_lock
33  *   qi->qi_tree_lock
34  *     dquot->q_qlock (xfs_dqlock() and friends)
35  *       dquot->q_flush (xfs_dqflock() and friends)
36  *       qi->qi_lru_lock
37  *
38  * If two dquots need to be locked the order is user before group/project,
39  * otherwise by the lowest id first, see xfs_dqlock2.
40  */
41 
42 struct kmem_cache		*xfs_dqtrx_cache;
43 static struct kmem_cache	*xfs_dquot_cache;
44 
45 static struct lock_class_key xfs_dquot_group_class;
46 static struct lock_class_key xfs_dquot_project_class;
47 
48 /* Record observations of quota corruption with the health tracking system. */
49 static void
xfs_dquot_mark_sick(struct xfs_dquot * dqp)50 xfs_dquot_mark_sick(
51 	struct xfs_dquot	*dqp)
52 {
53 	struct xfs_mount	*mp = dqp->q_mount;
54 
55 	switch (dqp->q_type) {
56 	case XFS_DQTYPE_USER:
57 		xfs_fs_mark_sick(mp, XFS_SICK_FS_UQUOTA);
58 		break;
59 	case XFS_DQTYPE_GROUP:
60 		xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA);
61 		break;
62 	case XFS_DQTYPE_PROJ:
63 		xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA);
64 		break;
65 	default:
66 		ASSERT(0);
67 		break;
68 	}
69 }
70 
71 /*
72  * This is called to free all the memory associated with a dquot
73  */
74 void
xfs_qm_dqdestroy(struct xfs_dquot * dqp)75 xfs_qm_dqdestroy(
76 	struct xfs_dquot	*dqp)
77 {
78 	ASSERT(list_empty(&dqp->q_lru));
79 
80 	kvfree(dqp->q_logitem.qli_item.li_lv_shadow);
81 	mutex_destroy(&dqp->q_qlock);
82 
83 	XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot);
84 	kmem_cache_free(xfs_dquot_cache, dqp);
85 }
86 
87 /*
88  * If default limits are in force, push them into the dquot now.
89  * We overwrite the dquot limits only if they are zero and this
90  * is not the root dquot.
91  */
92 void
xfs_qm_adjust_dqlimits(struct xfs_dquot * dq)93 xfs_qm_adjust_dqlimits(
94 	struct xfs_dquot	*dq)
95 {
96 	struct xfs_mount	*mp = dq->q_mount;
97 	struct xfs_quotainfo	*q = mp->m_quotainfo;
98 	struct xfs_def_quota	*defq;
99 	int			prealloc = 0;
100 
101 	ASSERT(dq->q_id);
102 	defq = xfs_get_defquota(q, xfs_dquot_type(dq));
103 
104 	if (!dq->q_blk.softlimit) {
105 		dq->q_blk.softlimit = defq->blk.soft;
106 		prealloc = 1;
107 	}
108 	if (!dq->q_blk.hardlimit) {
109 		dq->q_blk.hardlimit = defq->blk.hard;
110 		prealloc = 1;
111 	}
112 	if (!dq->q_ino.softlimit)
113 		dq->q_ino.softlimit = defq->ino.soft;
114 	if (!dq->q_ino.hardlimit)
115 		dq->q_ino.hardlimit = defq->ino.hard;
116 	if (!dq->q_rtb.softlimit)
117 		dq->q_rtb.softlimit = defq->rtb.soft;
118 	if (!dq->q_rtb.hardlimit)
119 		dq->q_rtb.hardlimit = defq->rtb.hard;
120 
121 	if (prealloc)
122 		xfs_dquot_set_prealloc_limits(dq);
123 }
124 
125 /* Set the expiration time of a quota's grace period. */
126 time64_t
xfs_dquot_set_timeout(struct xfs_mount * mp,time64_t timeout)127 xfs_dquot_set_timeout(
128 	struct xfs_mount	*mp,
129 	time64_t		timeout)
130 {
131 	struct xfs_quotainfo	*qi = mp->m_quotainfo;
132 
133 	return clamp_t(time64_t, timeout, qi->qi_expiry_min,
134 					  qi->qi_expiry_max);
135 }
136 
137 /* Set the length of the default grace period. */
138 time64_t
xfs_dquot_set_grace_period(time64_t grace)139 xfs_dquot_set_grace_period(
140 	time64_t		grace)
141 {
142 	return clamp_t(time64_t, grace, XFS_DQ_GRACE_MIN, XFS_DQ_GRACE_MAX);
143 }
144 
145 /*
146  * Determine if this quota counter is over either limit and set the quota
147  * timers as appropriate.
148  */
149 static inline void
xfs_qm_adjust_res_timer(struct xfs_mount * mp,struct xfs_dquot_res * res,struct xfs_quota_limits * qlim)150 xfs_qm_adjust_res_timer(
151 	struct xfs_mount	*mp,
152 	struct xfs_dquot_res	*res,
153 	struct xfs_quota_limits	*qlim)
154 {
155 	ASSERT(res->hardlimit == 0 || res->softlimit <= res->hardlimit);
156 
157 	if ((res->softlimit && res->count > res->softlimit) ||
158 	    (res->hardlimit && res->count > res->hardlimit)) {
159 		if (res->timer == 0)
160 			res->timer = xfs_dquot_set_timeout(mp,
161 					ktime_get_real_seconds() + qlim->time);
162 	} else {
163 		res->timer = 0;
164 	}
165 }
166 
167 /*
168  * Check the limits and timers of a dquot and start or reset timers
169  * if necessary.
170  * This gets called even when quota enforcement is OFF, which makes our
171  * life a little less complicated. (We just don't reject any quota
172  * reservations in that case, when enforcement is off).
173  * We also return 0 as the values of the timers in Q_GETQUOTA calls, when
174  * enforcement's off.
175  * In contrast, warnings are a little different in that they don't
176  * 'automatically' get started when limits get exceeded.  They do
177  * get reset to zero, however, when we find the count to be under
178  * the soft limit (they are only ever set non-zero via userspace).
179  */
180 void
xfs_qm_adjust_dqtimers(struct xfs_dquot * dq)181 xfs_qm_adjust_dqtimers(
182 	struct xfs_dquot	*dq)
183 {
184 	struct xfs_mount	*mp = dq->q_mount;
185 	struct xfs_quotainfo	*qi = mp->m_quotainfo;
186 	struct xfs_def_quota	*defq;
187 
188 	ASSERT(dq->q_id);
189 	defq = xfs_get_defquota(qi, xfs_dquot_type(dq));
190 
191 	xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_blk, &defq->blk);
192 	xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_ino, &defq->ino);
193 	xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_rtb, &defq->rtb);
194 }
195 
196 /*
197  * initialize a buffer full of dquots and log the whole thing
198  */
199 void
xfs_qm_init_dquot_blk(struct xfs_trans * tp,xfs_dqid_t id,xfs_dqtype_t type,struct xfs_buf * bp)200 xfs_qm_init_dquot_blk(
201 	struct xfs_trans	*tp,
202 	xfs_dqid_t		id,
203 	xfs_dqtype_t		type,
204 	struct xfs_buf		*bp)
205 {
206 	struct xfs_mount	*mp = tp->t_mountp;
207 	struct xfs_quotainfo	*q = mp->m_quotainfo;
208 	struct xfs_dqblk	*d;
209 	xfs_dqid_t		curid;
210 	unsigned int		qflag;
211 	unsigned int		blftype;
212 	int			i;
213 
214 	ASSERT(tp);
215 	ASSERT(xfs_buf_islocked(bp));
216 
217 	switch (type) {
218 	case XFS_DQTYPE_USER:
219 		qflag = XFS_UQUOTA_CHKD;
220 		blftype = XFS_BLF_UDQUOT_BUF;
221 		break;
222 	case XFS_DQTYPE_PROJ:
223 		qflag = XFS_PQUOTA_CHKD;
224 		blftype = XFS_BLF_PDQUOT_BUF;
225 		break;
226 	case XFS_DQTYPE_GROUP:
227 		qflag = XFS_GQUOTA_CHKD;
228 		blftype = XFS_BLF_GDQUOT_BUF;
229 		break;
230 	default:
231 		ASSERT(0);
232 		return;
233 	}
234 
235 	d = bp->b_addr;
236 
237 	/*
238 	 * ID of the first dquot in the block - id's are zero based.
239 	 */
240 	curid = id - (id % q->qi_dqperchunk);
241 	memset(d, 0, BBTOB(q->qi_dqchunklen));
242 	for (i = 0; i < q->qi_dqperchunk; i++, d++, curid++) {
243 		d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC);
244 		d->dd_diskdq.d_version = XFS_DQUOT_VERSION;
245 		d->dd_diskdq.d_id = cpu_to_be32(curid);
246 		d->dd_diskdq.d_type = type;
247 		if (curid > 0 && xfs_has_bigtime(mp))
248 			d->dd_diskdq.d_type |= XFS_DQTYPE_BIGTIME;
249 		if (xfs_has_crc(mp)) {
250 			uuid_copy(&d->dd_uuid, &mp->m_sb.sb_meta_uuid);
251 			xfs_update_cksum((char *)d, sizeof(struct xfs_dqblk),
252 					 XFS_DQUOT_CRC_OFF);
253 		}
254 	}
255 
256 	xfs_trans_dquot_buf(tp, bp, blftype);
257 
258 	/*
259 	 * quotacheck uses delayed writes to update all the dquots on disk in an
260 	 * efficient manner instead of logging the individual dquot changes as
261 	 * they are made. However if we log the buffer allocated here and crash
262 	 * after quotacheck while the logged initialisation is still in the
263 	 * active region of the log, log recovery can replay the dquot buffer
264 	 * initialisation over the top of the checked dquots and corrupt quota
265 	 * accounting.
266 	 *
267 	 * To avoid this problem, quotacheck cannot log the initialised buffer.
268 	 * We must still dirty the buffer and write it back before the
269 	 * allocation transaction clears the log. Therefore, mark the buffer as
270 	 * ordered instead of logging it directly. This is safe for quotacheck
271 	 * because it detects and repairs allocated but initialized dquot blocks
272 	 * in the quota inodes.
273 	 */
274 	if (!(mp->m_qflags & qflag))
275 		xfs_trans_ordered_buf(tp, bp);
276 	else
277 		xfs_trans_log_buf(tp, bp, 0, BBTOB(q->qi_dqchunklen) - 1);
278 }
279 
280 /*
281  * Initialize the dynamic speculative preallocation thresholds. The lo/hi
282  * watermarks correspond to the soft and hard limits by default. If a soft limit
283  * is not specified, we use 95% of the hard limit.
284  */
285 void
xfs_dquot_set_prealloc_limits(struct xfs_dquot * dqp)286 xfs_dquot_set_prealloc_limits(struct xfs_dquot *dqp)
287 {
288 	uint64_t space;
289 
290 	dqp->q_prealloc_hi_wmark = dqp->q_blk.hardlimit;
291 	dqp->q_prealloc_lo_wmark = dqp->q_blk.softlimit;
292 	if (!dqp->q_prealloc_lo_wmark) {
293 		dqp->q_prealloc_lo_wmark = dqp->q_prealloc_hi_wmark;
294 		do_div(dqp->q_prealloc_lo_wmark, 100);
295 		dqp->q_prealloc_lo_wmark *= 95;
296 	}
297 
298 	space = dqp->q_prealloc_hi_wmark;
299 
300 	do_div(space, 100);
301 	dqp->q_low_space[XFS_QLOWSP_1_PCNT] = space;
302 	dqp->q_low_space[XFS_QLOWSP_3_PCNT] = space * 3;
303 	dqp->q_low_space[XFS_QLOWSP_5_PCNT] = space * 5;
304 }
305 
306 /*
307  * Ensure that the given in-core dquot has a buffer on disk backing it, and
308  * return the buffer locked and held. This is called when the bmapi finds a
309  * hole.
310  */
311 STATIC int
xfs_dquot_disk_alloc(struct xfs_dquot * dqp,struct xfs_buf ** bpp)312 xfs_dquot_disk_alloc(
313 	struct xfs_dquot	*dqp,
314 	struct xfs_buf		**bpp)
315 {
316 	struct xfs_bmbt_irec	map;
317 	struct xfs_trans	*tp;
318 	struct xfs_mount	*mp = dqp->q_mount;
319 	struct xfs_buf		*bp;
320 	xfs_dqtype_t		qtype = xfs_dquot_type(dqp);
321 	struct xfs_inode	*quotip = xfs_quota_inode(mp, qtype);
322 	int			nmaps = 1;
323 	int			error;
324 
325 	trace_xfs_dqalloc(dqp);
326 
327 	error = xfs_trans_alloc(mp, &M_RES(mp)->tr_qm_dqalloc,
328 			XFS_QM_DQALLOC_SPACE_RES(mp), 0, 0, &tp);
329 	if (error)
330 		return error;
331 
332 	xfs_ilock(quotip, XFS_ILOCK_EXCL);
333 	xfs_trans_ijoin(tp, quotip, 0);
334 
335 	if (!xfs_this_quota_on(dqp->q_mount, qtype)) {
336 		/*
337 		 * Return if this type of quotas is turned off while we didn't
338 		 * have an inode lock
339 		 */
340 		error = -ESRCH;
341 		goto err_cancel;
342 	}
343 
344 	error = xfs_iext_count_extend(tp, quotip, XFS_DATA_FORK,
345 			XFS_IEXT_ADD_NOSPLIT_CNT);
346 	if (error)
347 		goto err_cancel;
348 
349 	/* Create the block mapping. */
350 	error = xfs_bmapi_write(tp, quotip, dqp->q_fileoffset,
351 			XFS_DQUOT_CLUSTER_SIZE_FSB, XFS_BMAPI_METADATA, 0, &map,
352 			&nmaps);
353 	if (error)
354 		goto err_cancel;
355 
356 	ASSERT(map.br_blockcount == XFS_DQUOT_CLUSTER_SIZE_FSB);
357 	ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
358 	       (map.br_startblock != HOLESTARTBLOCK));
359 
360 	/*
361 	 * Keep track of the blkno to save a lookup later
362 	 */
363 	dqp->q_blkno = XFS_FSB_TO_DADDR(mp, map.br_startblock);
364 
365 	/* now we can just get the buffer (there's nothing to read yet) */
366 	error = xfs_trans_get_buf(tp, mp->m_ddev_targp, dqp->q_blkno,
367 			mp->m_quotainfo->qi_dqchunklen, 0, &bp);
368 	if (error)
369 		goto err_cancel;
370 	bp->b_ops = &xfs_dquot_buf_ops;
371 
372 	/*
373 	 * Make a chunk of dquots out of this buffer and log
374 	 * the entire thing.
375 	 */
376 	xfs_qm_init_dquot_blk(tp, dqp->q_id, qtype, bp);
377 	xfs_buf_set_ref(bp, XFS_DQUOT_REF);
378 
379 	/*
380 	 * Hold the buffer and join it to the dfops so that we'll still own
381 	 * the buffer when we return to the caller.  The buffer disposal on
382 	 * error must be paid attention to very carefully, as it has been
383 	 * broken since commit efa092f3d4c6 "[XFS] Fixes a bug in the quota
384 	 * code when allocating a new dquot record" in 2005, and the later
385 	 * conversion to xfs_defer_ops in commit 310a75a3c6c747 failed to keep
386 	 * the buffer locked across the _defer_finish call.  We can now do
387 	 * this correctly with xfs_defer_bjoin.
388 	 *
389 	 * Above, we allocated a disk block for the dquot information and used
390 	 * get_buf to initialize the dquot. If the _defer_finish fails, the old
391 	 * transaction is gone but the new buffer is not joined or held to any
392 	 * transaction, so we must _buf_relse it.
393 	 *
394 	 * If everything succeeds, the caller of this function is returned a
395 	 * buffer that is locked and held to the transaction.  The caller
396 	 * is responsible for unlocking any buffer passed back, either
397 	 * manually or by committing the transaction.  On error, the buffer is
398 	 * released and not passed back.
399 	 *
400 	 * Keep the quota inode ILOCKed until after the transaction commit to
401 	 * maintain the atomicity of bmap/rmap updates.
402 	 */
403 	xfs_trans_bhold(tp, bp);
404 	error = xfs_trans_commit(tp);
405 	xfs_iunlock(quotip, XFS_ILOCK_EXCL);
406 	if (error) {
407 		xfs_buf_relse(bp);
408 		return error;
409 	}
410 
411 	*bpp = bp;
412 	return 0;
413 
414 err_cancel:
415 	xfs_trans_cancel(tp);
416 	xfs_iunlock(quotip, XFS_ILOCK_EXCL);
417 	return error;
418 }
419 
420 /*
421  * Read in the in-core dquot's on-disk metadata and return the buffer.
422  * Returns ENOENT to signal a hole.
423  */
424 STATIC int
xfs_dquot_disk_read(struct xfs_mount * mp,struct xfs_dquot * dqp,struct xfs_buf ** bpp)425 xfs_dquot_disk_read(
426 	struct xfs_mount	*mp,
427 	struct xfs_dquot	*dqp,
428 	struct xfs_buf		**bpp)
429 {
430 	struct xfs_bmbt_irec	map;
431 	struct xfs_buf		*bp;
432 	xfs_dqtype_t		qtype = xfs_dquot_type(dqp);
433 	struct xfs_inode	*quotip = xfs_quota_inode(mp, qtype);
434 	uint			lock_mode;
435 	int			nmaps = 1;
436 	int			error;
437 
438 	lock_mode = xfs_ilock_data_map_shared(quotip);
439 	if (!xfs_this_quota_on(mp, qtype)) {
440 		/*
441 		 * Return if this type of quotas is turned off while we
442 		 * didn't have the quota inode lock.
443 		 */
444 		xfs_iunlock(quotip, lock_mode);
445 		return -ESRCH;
446 	}
447 
448 	/*
449 	 * Find the block map; no allocations yet
450 	 */
451 	error = xfs_bmapi_read(quotip, dqp->q_fileoffset,
452 			XFS_DQUOT_CLUSTER_SIZE_FSB, &map, &nmaps, 0);
453 	xfs_iunlock(quotip, lock_mode);
454 	if (error)
455 		return error;
456 
457 	ASSERT(nmaps == 1);
458 	ASSERT(map.br_blockcount >= 1);
459 	ASSERT(map.br_startblock != DELAYSTARTBLOCK);
460 	if (map.br_startblock == HOLESTARTBLOCK)
461 		return -ENOENT;
462 
463 	trace_xfs_dqtobp_read(dqp);
464 
465 	/*
466 	 * store the blkno etc so that we don't have to do the
467 	 * mapping all the time
468 	 */
469 	dqp->q_blkno = XFS_FSB_TO_DADDR(mp, map.br_startblock);
470 
471 	error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dqp->q_blkno,
472 			mp->m_quotainfo->qi_dqchunklen, 0, &bp,
473 			&xfs_dquot_buf_ops);
474 	if (xfs_metadata_is_sick(error))
475 		xfs_dquot_mark_sick(dqp);
476 	if (error) {
477 		ASSERT(bp == NULL);
478 		return error;
479 	}
480 
481 	ASSERT(xfs_buf_islocked(bp));
482 	xfs_buf_set_ref(bp, XFS_DQUOT_REF);
483 	*bpp = bp;
484 
485 	return 0;
486 }
487 
488 /* Allocate and initialize everything we need for an incore dquot. */
489 STATIC struct xfs_dquot *
xfs_dquot_alloc(struct xfs_mount * mp,xfs_dqid_t id,xfs_dqtype_t type)490 xfs_dquot_alloc(
491 	struct xfs_mount	*mp,
492 	xfs_dqid_t		id,
493 	xfs_dqtype_t		type)
494 {
495 	struct xfs_dquot	*dqp;
496 
497 	dqp = kmem_cache_zalloc(xfs_dquot_cache, GFP_KERNEL | __GFP_NOFAIL);
498 
499 	dqp->q_type = type;
500 	dqp->q_id = id;
501 	dqp->q_mount = mp;
502 	INIT_LIST_HEAD(&dqp->q_lru);
503 	mutex_init(&dqp->q_qlock);
504 	init_waitqueue_head(&dqp->q_pinwait);
505 	dqp->q_fileoffset = (xfs_fileoff_t)id / mp->m_quotainfo->qi_dqperchunk;
506 	/*
507 	 * Offset of dquot in the (fixed sized) dquot chunk.
508 	 */
509 	dqp->q_bufoffset = (id % mp->m_quotainfo->qi_dqperchunk) *
510 			sizeof(struct xfs_dqblk);
511 
512 	/*
513 	 * Because we want to use a counting completion, complete
514 	 * the flush completion once to allow a single access to
515 	 * the flush completion without blocking.
516 	 */
517 	init_completion(&dqp->q_flush);
518 	complete(&dqp->q_flush);
519 
520 	/*
521 	 * Make sure group quotas have a different lock class than user
522 	 * quotas.
523 	 */
524 	switch (type) {
525 	case XFS_DQTYPE_USER:
526 		/* uses the default lock class */
527 		break;
528 	case XFS_DQTYPE_GROUP:
529 		lockdep_set_class(&dqp->q_qlock, &xfs_dquot_group_class);
530 		break;
531 	case XFS_DQTYPE_PROJ:
532 		lockdep_set_class(&dqp->q_qlock, &xfs_dquot_project_class);
533 		break;
534 	default:
535 		ASSERT(0);
536 		break;
537 	}
538 
539 	xfs_qm_dquot_logitem_init(dqp);
540 
541 	XFS_STATS_INC(mp, xs_qm_dquot);
542 	return dqp;
543 }
544 
545 /* Check the ondisk dquot's id and type match what the incore dquot expects. */
546 static bool
xfs_dquot_check_type(struct xfs_dquot * dqp,struct xfs_disk_dquot * ddqp)547 xfs_dquot_check_type(
548 	struct xfs_dquot	*dqp,
549 	struct xfs_disk_dquot	*ddqp)
550 {
551 	uint8_t			ddqp_type;
552 	uint8_t			dqp_type;
553 
554 	ddqp_type = ddqp->d_type & XFS_DQTYPE_REC_MASK;
555 	dqp_type = xfs_dquot_type(dqp);
556 
557 	if (be32_to_cpu(ddqp->d_id) != dqp->q_id)
558 		return false;
559 
560 	/*
561 	 * V5 filesystems always expect an exact type match.  V4 filesystems
562 	 * expect an exact match for user dquots and for non-root group and
563 	 * project dquots.
564 	 */
565 	if (xfs_has_crc(dqp->q_mount) ||
566 	    dqp_type == XFS_DQTYPE_USER || dqp->q_id != 0)
567 		return ddqp_type == dqp_type;
568 
569 	/*
570 	 * V4 filesystems support either group or project quotas, but not both
571 	 * at the same time.  The non-user quota file can be switched between
572 	 * group and project quota uses depending on the mount options, which
573 	 * means that we can encounter the other type when we try to load quota
574 	 * defaults.  Quotacheck will soon reset the entire quota file
575 	 * (including the root dquot) anyway, but don't log scary corruption
576 	 * reports to dmesg.
577 	 */
578 	return ddqp_type == XFS_DQTYPE_GROUP || ddqp_type == XFS_DQTYPE_PROJ;
579 }
580 
581 /* Copy the in-core quota fields in from the on-disk buffer. */
582 STATIC int
xfs_dquot_from_disk(struct xfs_dquot * dqp,struct xfs_buf * bp)583 xfs_dquot_from_disk(
584 	struct xfs_dquot	*dqp,
585 	struct xfs_buf		*bp)
586 {
587 	struct xfs_dqblk	*dqb = xfs_buf_offset(bp, dqp->q_bufoffset);
588 	struct xfs_disk_dquot	*ddqp = &dqb->dd_diskdq;
589 
590 	/*
591 	 * Ensure that we got the type and ID we were looking for.
592 	 * Everything else was checked by the dquot buffer verifier.
593 	 */
594 	if (!xfs_dquot_check_type(dqp, ddqp)) {
595 		xfs_alert_tag(bp->b_mount, XFS_PTAG_VERIFIER_ERROR,
596 			  "Metadata corruption detected at %pS, quota %u",
597 			  __this_address, dqp->q_id);
598 		xfs_alert(bp->b_mount, "Unmount and run xfs_repair");
599 		xfs_dquot_mark_sick(dqp);
600 		return -EFSCORRUPTED;
601 	}
602 
603 	/* copy everything from disk dquot to the incore dquot */
604 	dqp->q_type = ddqp->d_type;
605 	dqp->q_blk.hardlimit = be64_to_cpu(ddqp->d_blk_hardlimit);
606 	dqp->q_blk.softlimit = be64_to_cpu(ddqp->d_blk_softlimit);
607 	dqp->q_ino.hardlimit = be64_to_cpu(ddqp->d_ino_hardlimit);
608 	dqp->q_ino.softlimit = be64_to_cpu(ddqp->d_ino_softlimit);
609 	dqp->q_rtb.hardlimit = be64_to_cpu(ddqp->d_rtb_hardlimit);
610 	dqp->q_rtb.softlimit = be64_to_cpu(ddqp->d_rtb_softlimit);
611 
612 	dqp->q_blk.count = be64_to_cpu(ddqp->d_bcount);
613 	dqp->q_ino.count = be64_to_cpu(ddqp->d_icount);
614 	dqp->q_rtb.count = be64_to_cpu(ddqp->d_rtbcount);
615 
616 	dqp->q_blk.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_btimer);
617 	dqp->q_ino.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_itimer);
618 	dqp->q_rtb.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_rtbtimer);
619 
620 	/*
621 	 * Reservation counters are defined as reservation plus current usage
622 	 * to avoid having to add every time.
623 	 */
624 	dqp->q_blk.reserved = dqp->q_blk.count;
625 	dqp->q_ino.reserved = dqp->q_ino.count;
626 	dqp->q_rtb.reserved = dqp->q_rtb.count;
627 
628 	/* initialize the dquot speculative prealloc thresholds */
629 	xfs_dquot_set_prealloc_limits(dqp);
630 	return 0;
631 }
632 
633 /* Copy the in-core quota fields into the on-disk buffer. */
634 void
xfs_dquot_to_disk(struct xfs_disk_dquot * ddqp,struct xfs_dquot * dqp)635 xfs_dquot_to_disk(
636 	struct xfs_disk_dquot	*ddqp,
637 	struct xfs_dquot	*dqp)
638 {
639 	ddqp->d_magic = cpu_to_be16(XFS_DQUOT_MAGIC);
640 	ddqp->d_version = XFS_DQUOT_VERSION;
641 	ddqp->d_type = dqp->q_type;
642 	ddqp->d_id = cpu_to_be32(dqp->q_id);
643 	ddqp->d_pad0 = 0;
644 	ddqp->d_pad = 0;
645 
646 	ddqp->d_blk_hardlimit = cpu_to_be64(dqp->q_blk.hardlimit);
647 	ddqp->d_blk_softlimit = cpu_to_be64(dqp->q_blk.softlimit);
648 	ddqp->d_ino_hardlimit = cpu_to_be64(dqp->q_ino.hardlimit);
649 	ddqp->d_ino_softlimit = cpu_to_be64(dqp->q_ino.softlimit);
650 	ddqp->d_rtb_hardlimit = cpu_to_be64(dqp->q_rtb.hardlimit);
651 	ddqp->d_rtb_softlimit = cpu_to_be64(dqp->q_rtb.softlimit);
652 
653 	ddqp->d_bcount = cpu_to_be64(dqp->q_blk.count);
654 	ddqp->d_icount = cpu_to_be64(dqp->q_ino.count);
655 	ddqp->d_rtbcount = cpu_to_be64(dqp->q_rtb.count);
656 
657 	ddqp->d_bwarns = 0;
658 	ddqp->d_iwarns = 0;
659 	ddqp->d_rtbwarns = 0;
660 
661 	ddqp->d_btimer = xfs_dquot_to_disk_ts(dqp, dqp->q_blk.timer);
662 	ddqp->d_itimer = xfs_dquot_to_disk_ts(dqp, dqp->q_ino.timer);
663 	ddqp->d_rtbtimer = xfs_dquot_to_disk_ts(dqp, dqp->q_rtb.timer);
664 }
665 
666 /*
667  * Read in the ondisk dquot using dqtobp() then copy it to an incore version,
668  * and release the buffer immediately.  If @can_alloc is true, fill any
669  * holes in the on-disk metadata.
670  */
671 static int
xfs_qm_dqread(struct xfs_mount * mp,xfs_dqid_t id,xfs_dqtype_t type,bool can_alloc,struct xfs_dquot ** dqpp)672 xfs_qm_dqread(
673 	struct xfs_mount	*mp,
674 	xfs_dqid_t		id,
675 	xfs_dqtype_t		type,
676 	bool			can_alloc,
677 	struct xfs_dquot	**dqpp)
678 {
679 	struct xfs_dquot	*dqp;
680 	struct xfs_buf		*bp;
681 	int			error;
682 
683 	dqp = xfs_dquot_alloc(mp, id, type);
684 	trace_xfs_dqread(dqp);
685 
686 	/* Try to read the buffer, allocating if necessary. */
687 	error = xfs_dquot_disk_read(mp, dqp, &bp);
688 	if (error == -ENOENT && can_alloc)
689 		error = xfs_dquot_disk_alloc(dqp, &bp);
690 	if (error)
691 		goto err;
692 
693 	/*
694 	 * At this point we should have a clean locked buffer.  Copy the data
695 	 * to the incore dquot and release the buffer since the incore dquot
696 	 * has its own locking protocol so we needn't tie up the buffer any
697 	 * further.
698 	 */
699 	ASSERT(xfs_buf_islocked(bp));
700 	error = xfs_dquot_from_disk(dqp, bp);
701 	xfs_buf_relse(bp);
702 	if (error)
703 		goto err;
704 
705 	*dqpp = dqp;
706 	return error;
707 
708 err:
709 	trace_xfs_dqread_fail(dqp);
710 	xfs_qm_dqdestroy(dqp);
711 	*dqpp = NULL;
712 	return error;
713 }
714 
715 /*
716  * Advance to the next id in the current chunk, or if at the
717  * end of the chunk, skip ahead to first id in next allocated chunk
718  * using the SEEK_DATA interface.
719  */
720 static int
xfs_dq_get_next_id(struct xfs_mount * mp,xfs_dqtype_t type,xfs_dqid_t * id)721 xfs_dq_get_next_id(
722 	struct xfs_mount	*mp,
723 	xfs_dqtype_t		type,
724 	xfs_dqid_t		*id)
725 {
726 	struct xfs_inode	*quotip = xfs_quota_inode(mp, type);
727 	xfs_dqid_t		next_id = *id + 1; /* simple advance */
728 	uint			lock_flags;
729 	struct xfs_bmbt_irec	got;
730 	struct xfs_iext_cursor	cur;
731 	xfs_fsblock_t		start;
732 	int			error = 0;
733 
734 	/* If we'd wrap past the max ID, stop */
735 	if (next_id < *id)
736 		return -ENOENT;
737 
738 	/* If new ID is within the current chunk, advancing it sufficed */
739 	if (next_id % mp->m_quotainfo->qi_dqperchunk) {
740 		*id = next_id;
741 		return 0;
742 	}
743 
744 	/* Nope, next_id is now past the current chunk, so find the next one */
745 	start = (xfs_fsblock_t)next_id / mp->m_quotainfo->qi_dqperchunk;
746 
747 	lock_flags = xfs_ilock_data_map_shared(quotip);
748 	error = xfs_iread_extents(NULL, quotip, XFS_DATA_FORK);
749 	if (error)
750 		return error;
751 
752 	if (xfs_iext_lookup_extent(quotip, &quotip->i_df, start, &cur, &got)) {
753 		/* contiguous chunk, bump startoff for the id calculation */
754 		if (got.br_startoff < start)
755 			got.br_startoff = start;
756 		*id = got.br_startoff * mp->m_quotainfo->qi_dqperchunk;
757 	} else {
758 		error = -ENOENT;
759 	}
760 
761 	xfs_iunlock(quotip, lock_flags);
762 
763 	return error;
764 }
765 
766 /*
767  * Look up the dquot in the in-core cache.  If found, the dquot is returned
768  * locked and ready to go.
769  */
770 static struct xfs_dquot *
xfs_qm_dqget_cache_lookup(struct xfs_mount * mp,struct xfs_quotainfo * qi,struct radix_tree_root * tree,xfs_dqid_t id)771 xfs_qm_dqget_cache_lookup(
772 	struct xfs_mount	*mp,
773 	struct xfs_quotainfo	*qi,
774 	struct radix_tree_root	*tree,
775 	xfs_dqid_t		id)
776 {
777 	struct xfs_dquot	*dqp;
778 
779 restart:
780 	mutex_lock(&qi->qi_tree_lock);
781 	dqp = radix_tree_lookup(tree, id);
782 	if (!dqp) {
783 		mutex_unlock(&qi->qi_tree_lock);
784 		XFS_STATS_INC(mp, xs_qm_dqcachemisses);
785 		return NULL;
786 	}
787 
788 	xfs_dqlock(dqp);
789 	if (dqp->q_flags & XFS_DQFLAG_FREEING) {
790 		xfs_dqunlock(dqp);
791 		mutex_unlock(&qi->qi_tree_lock);
792 		trace_xfs_dqget_freeing(dqp);
793 		delay(1);
794 		goto restart;
795 	}
796 
797 	dqp->q_nrefs++;
798 	mutex_unlock(&qi->qi_tree_lock);
799 
800 	trace_xfs_dqget_hit(dqp);
801 	XFS_STATS_INC(mp, xs_qm_dqcachehits);
802 	return dqp;
803 }
804 
805 /*
806  * Try to insert a new dquot into the in-core cache.  If an error occurs the
807  * caller should throw away the dquot and start over.  Otherwise, the dquot
808  * is returned locked (and held by the cache) as if there had been a cache
809  * hit.
810  *
811  * The insert needs to be done under memalloc_nofs context because the radix
812  * tree can do memory allocation during insert. The qi->qi_tree_lock is taken in
813  * memory reclaim when freeing unused dquots, so we cannot have the radix tree
814  * node allocation recursing into filesystem reclaim whilst we hold the
815  * qi_tree_lock.
816  */
817 static int
xfs_qm_dqget_cache_insert(struct xfs_mount * mp,struct xfs_quotainfo * qi,struct radix_tree_root * tree,xfs_dqid_t id,struct xfs_dquot * dqp)818 xfs_qm_dqget_cache_insert(
819 	struct xfs_mount	*mp,
820 	struct xfs_quotainfo	*qi,
821 	struct radix_tree_root	*tree,
822 	xfs_dqid_t		id,
823 	struct xfs_dquot	*dqp)
824 {
825 	unsigned int		nofs_flags;
826 	int			error;
827 
828 	nofs_flags = memalloc_nofs_save();
829 	mutex_lock(&qi->qi_tree_lock);
830 	error = radix_tree_insert(tree, id, dqp);
831 	if (unlikely(error)) {
832 		/* Duplicate found!  Caller must try again. */
833 		trace_xfs_dqget_dup(dqp);
834 		goto out_unlock;
835 	}
836 
837 	/* Return a locked dquot to the caller, with a reference taken. */
838 	xfs_dqlock(dqp);
839 	dqp->q_nrefs = 1;
840 	qi->qi_dquots++;
841 
842 out_unlock:
843 	mutex_unlock(&qi->qi_tree_lock);
844 	memalloc_nofs_restore(nofs_flags);
845 	return error;
846 }
847 
848 /* Check our input parameters. */
849 static int
xfs_qm_dqget_checks(struct xfs_mount * mp,xfs_dqtype_t type)850 xfs_qm_dqget_checks(
851 	struct xfs_mount	*mp,
852 	xfs_dqtype_t		type)
853 {
854 	switch (type) {
855 	case XFS_DQTYPE_USER:
856 		if (!XFS_IS_UQUOTA_ON(mp))
857 			return -ESRCH;
858 		return 0;
859 	case XFS_DQTYPE_GROUP:
860 		if (!XFS_IS_GQUOTA_ON(mp))
861 			return -ESRCH;
862 		return 0;
863 	case XFS_DQTYPE_PROJ:
864 		if (!XFS_IS_PQUOTA_ON(mp))
865 			return -ESRCH;
866 		return 0;
867 	default:
868 		WARN_ON_ONCE(0);
869 		return -EINVAL;
870 	}
871 }
872 
873 /*
874  * Given the file system, id, and type (UDQUOT/GDQUOT/PDQUOT), return a
875  * locked dquot, doing an allocation (if requested) as needed.
876  */
877 int
xfs_qm_dqget(struct xfs_mount * mp,xfs_dqid_t id,xfs_dqtype_t type,bool can_alloc,struct xfs_dquot ** O_dqpp)878 xfs_qm_dqget(
879 	struct xfs_mount	*mp,
880 	xfs_dqid_t		id,
881 	xfs_dqtype_t		type,
882 	bool			can_alloc,
883 	struct xfs_dquot	**O_dqpp)
884 {
885 	struct xfs_quotainfo	*qi = mp->m_quotainfo;
886 	struct radix_tree_root	*tree = xfs_dquot_tree(qi, type);
887 	struct xfs_dquot	*dqp;
888 	int			error;
889 
890 	error = xfs_qm_dqget_checks(mp, type);
891 	if (error)
892 		return error;
893 
894 restart:
895 	dqp = xfs_qm_dqget_cache_lookup(mp, qi, tree, id);
896 	if (dqp) {
897 		*O_dqpp = dqp;
898 		return 0;
899 	}
900 
901 	error = xfs_qm_dqread(mp, id, type, can_alloc, &dqp);
902 	if (error)
903 		return error;
904 
905 	error = xfs_qm_dqget_cache_insert(mp, qi, tree, id, dqp);
906 	if (error) {
907 		/*
908 		 * Duplicate found. Just throw away the new dquot and start
909 		 * over.
910 		 */
911 		xfs_qm_dqdestroy(dqp);
912 		XFS_STATS_INC(mp, xs_qm_dquot_dups);
913 		goto restart;
914 	}
915 
916 	trace_xfs_dqget_miss(dqp);
917 	*O_dqpp = dqp;
918 	return 0;
919 }
920 
921 /*
922  * Given a dquot id and type, read and initialize a dquot from the on-disk
923  * metadata.  This function is only for use during quota initialization so
924  * it ignores the dquot cache assuming that the dquot shrinker isn't set up.
925  * The caller is responsible for _qm_dqdestroy'ing the returned dquot.
926  */
927 int
xfs_qm_dqget_uncached(struct xfs_mount * mp,xfs_dqid_t id,xfs_dqtype_t type,struct xfs_dquot ** dqpp)928 xfs_qm_dqget_uncached(
929 	struct xfs_mount	*mp,
930 	xfs_dqid_t		id,
931 	xfs_dqtype_t		type,
932 	struct xfs_dquot	**dqpp)
933 {
934 	int			error;
935 
936 	error = xfs_qm_dqget_checks(mp, type);
937 	if (error)
938 		return error;
939 
940 	return xfs_qm_dqread(mp, id, type, 0, dqpp);
941 }
942 
943 /* Return the quota id for a given inode and type. */
944 xfs_dqid_t
xfs_qm_id_for_quotatype(struct xfs_inode * ip,xfs_dqtype_t type)945 xfs_qm_id_for_quotatype(
946 	struct xfs_inode	*ip,
947 	xfs_dqtype_t		type)
948 {
949 	switch (type) {
950 	case XFS_DQTYPE_USER:
951 		return i_uid_read(VFS_I(ip));
952 	case XFS_DQTYPE_GROUP:
953 		return i_gid_read(VFS_I(ip));
954 	case XFS_DQTYPE_PROJ:
955 		return ip->i_projid;
956 	}
957 	ASSERT(0);
958 	return 0;
959 }
960 
961 /*
962  * Return the dquot for a given inode and type.  If @can_alloc is true, then
963  * allocate blocks if needed.  The inode's ILOCK must be held and it must not
964  * have already had an inode attached.
965  */
966 int
xfs_qm_dqget_inode(struct xfs_inode * ip,xfs_dqtype_t type,bool can_alloc,struct xfs_dquot ** O_dqpp)967 xfs_qm_dqget_inode(
968 	struct xfs_inode	*ip,
969 	xfs_dqtype_t		type,
970 	bool			can_alloc,
971 	struct xfs_dquot	**O_dqpp)
972 {
973 	struct xfs_mount	*mp = ip->i_mount;
974 	struct xfs_quotainfo	*qi = mp->m_quotainfo;
975 	struct radix_tree_root	*tree = xfs_dquot_tree(qi, type);
976 	struct xfs_dquot	*dqp;
977 	xfs_dqid_t		id;
978 	int			error;
979 
980 	error = xfs_qm_dqget_checks(mp, type);
981 	if (error)
982 		return error;
983 
984 	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
985 	ASSERT(xfs_inode_dquot(ip, type) == NULL);
986 
987 	id = xfs_qm_id_for_quotatype(ip, type);
988 
989 restart:
990 	dqp = xfs_qm_dqget_cache_lookup(mp, qi, tree, id);
991 	if (dqp) {
992 		*O_dqpp = dqp;
993 		return 0;
994 	}
995 
996 	/*
997 	 * Dquot cache miss. We don't want to keep the inode lock across
998 	 * a (potential) disk read. Also we don't want to deal with the lock
999 	 * ordering between quotainode and this inode. OTOH, dropping the inode
1000 	 * lock here means dealing with a chown that can happen before
1001 	 * we re-acquire the lock.
1002 	 */
1003 	xfs_iunlock(ip, XFS_ILOCK_EXCL);
1004 	error = xfs_qm_dqread(mp, id, type, can_alloc, &dqp);
1005 	xfs_ilock(ip, XFS_ILOCK_EXCL);
1006 	if (error)
1007 		return error;
1008 
1009 	/*
1010 	 * A dquot could be attached to this inode by now, since we had
1011 	 * dropped the ilock.
1012 	 */
1013 	if (xfs_this_quota_on(mp, type)) {
1014 		struct xfs_dquot	*dqp1;
1015 
1016 		dqp1 = xfs_inode_dquot(ip, type);
1017 		if (dqp1) {
1018 			xfs_qm_dqdestroy(dqp);
1019 			dqp = dqp1;
1020 			xfs_dqlock(dqp);
1021 			goto dqret;
1022 		}
1023 	} else {
1024 		/* inode stays locked on return */
1025 		xfs_qm_dqdestroy(dqp);
1026 		return -ESRCH;
1027 	}
1028 
1029 	error = xfs_qm_dqget_cache_insert(mp, qi, tree, id, dqp);
1030 	if (error) {
1031 		/*
1032 		 * Duplicate found. Just throw away the new dquot and start
1033 		 * over.
1034 		 */
1035 		xfs_qm_dqdestroy(dqp);
1036 		XFS_STATS_INC(mp, xs_qm_dquot_dups);
1037 		goto restart;
1038 	}
1039 
1040 dqret:
1041 	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
1042 	trace_xfs_dqget_miss(dqp);
1043 	*O_dqpp = dqp;
1044 	return 0;
1045 }
1046 
1047 /*
1048  * Starting at @id and progressing upwards, look for an initialized incore
1049  * dquot, lock it, and return it.
1050  */
1051 int
xfs_qm_dqget_next(struct xfs_mount * mp,xfs_dqid_t id,xfs_dqtype_t type,struct xfs_dquot ** dqpp)1052 xfs_qm_dqget_next(
1053 	struct xfs_mount	*mp,
1054 	xfs_dqid_t		id,
1055 	xfs_dqtype_t		type,
1056 	struct xfs_dquot	**dqpp)
1057 {
1058 	struct xfs_dquot	*dqp;
1059 	int			error = 0;
1060 
1061 	*dqpp = NULL;
1062 	for (; !error; error = xfs_dq_get_next_id(mp, type, &id)) {
1063 		error = xfs_qm_dqget(mp, id, type, false, &dqp);
1064 		if (error == -ENOENT)
1065 			continue;
1066 		else if (error != 0)
1067 			break;
1068 
1069 		if (!XFS_IS_DQUOT_UNINITIALIZED(dqp)) {
1070 			*dqpp = dqp;
1071 			return 0;
1072 		}
1073 
1074 		xfs_qm_dqput(dqp);
1075 	}
1076 
1077 	return error;
1078 }
1079 
1080 /*
1081  * Release a reference to the dquot (decrement ref-count) and unlock it.
1082  *
1083  * If there is a group quota attached to this dquot, carefully release that
1084  * too without tripping over deadlocks'n'stuff.
1085  */
1086 void
xfs_qm_dqput(struct xfs_dquot * dqp)1087 xfs_qm_dqput(
1088 	struct xfs_dquot	*dqp)
1089 {
1090 	ASSERT(dqp->q_nrefs > 0);
1091 	ASSERT(XFS_DQ_IS_LOCKED(dqp));
1092 
1093 	trace_xfs_dqput(dqp);
1094 
1095 	if (--dqp->q_nrefs == 0) {
1096 		struct xfs_quotainfo	*qi = dqp->q_mount->m_quotainfo;
1097 		trace_xfs_dqput_free(dqp);
1098 
1099 		if (list_lru_add_obj(&qi->qi_lru, &dqp->q_lru))
1100 			XFS_STATS_INC(dqp->q_mount, xs_qm_dquot_unused);
1101 	}
1102 	xfs_dqunlock(dqp);
1103 }
1104 
1105 /*
1106  * Release a dquot. Flush it if dirty, then dqput() it.
1107  * dquot must not be locked.
1108  */
1109 void
xfs_qm_dqrele(struct xfs_dquot * dqp)1110 xfs_qm_dqrele(
1111 	struct xfs_dquot	*dqp)
1112 {
1113 	if (!dqp)
1114 		return;
1115 
1116 	trace_xfs_dqrele(dqp);
1117 
1118 	xfs_dqlock(dqp);
1119 	/*
1120 	 * We don't care to flush it if the dquot is dirty here.
1121 	 * That will create stutters that we want to avoid.
1122 	 * Instead we do a delayed write when we try to reclaim
1123 	 * a dirty dquot. Also xfs_sync will take part of the burden...
1124 	 */
1125 	xfs_qm_dqput(dqp);
1126 }
1127 
1128 /*
1129  * This is the dquot flushing I/O completion routine.  It is called
1130  * from interrupt level when the buffer containing the dquot is
1131  * flushed to disk.  It is responsible for removing the dquot logitem
1132  * from the AIL if it has not been re-logged, and unlocking the dquot's
1133  * flush lock. This behavior is very similar to that of inodes..
1134  */
1135 static void
xfs_qm_dqflush_done(struct xfs_log_item * lip)1136 xfs_qm_dqflush_done(
1137 	struct xfs_log_item	*lip)
1138 {
1139 	struct xfs_dq_logitem	*qip = (struct xfs_dq_logitem *)lip;
1140 	struct xfs_dquot	*dqp = qip->qli_dquot;
1141 	struct xfs_ail		*ailp = lip->li_ailp;
1142 	xfs_lsn_t		tail_lsn;
1143 
1144 	/*
1145 	 * We only want to pull the item from the AIL if its
1146 	 * location in the log has not changed since we started the flush.
1147 	 * Thus, we only bother if the dquot's lsn has
1148 	 * not changed. First we check the lsn outside the lock
1149 	 * since it's cheaper, and then we recheck while
1150 	 * holding the lock before removing the dquot from the AIL.
1151 	 */
1152 	if (test_bit(XFS_LI_IN_AIL, &lip->li_flags) &&
1153 	    ((lip->li_lsn == qip->qli_flush_lsn) ||
1154 	     test_bit(XFS_LI_FAILED, &lip->li_flags))) {
1155 
1156 		spin_lock(&ailp->ail_lock);
1157 		xfs_clear_li_failed(lip);
1158 		if (lip->li_lsn == qip->qli_flush_lsn) {
1159 			/* xfs_ail_update_finish() drops the AIL lock */
1160 			tail_lsn = xfs_ail_delete_one(ailp, lip);
1161 			xfs_ail_update_finish(ailp, tail_lsn);
1162 		} else {
1163 			spin_unlock(&ailp->ail_lock);
1164 		}
1165 	}
1166 
1167 	/*
1168 	 * Release the dq's flush lock since we're done with it.
1169 	 */
1170 	xfs_dqfunlock(dqp);
1171 }
1172 
1173 void
xfs_buf_dquot_iodone(struct xfs_buf * bp)1174 xfs_buf_dquot_iodone(
1175 	struct xfs_buf		*bp)
1176 {
1177 	struct xfs_log_item	*lip, *n;
1178 
1179 	list_for_each_entry_safe(lip, n, &bp->b_li_list, li_bio_list) {
1180 		list_del_init(&lip->li_bio_list);
1181 		xfs_qm_dqflush_done(lip);
1182 	}
1183 }
1184 
1185 void
xfs_buf_dquot_io_fail(struct xfs_buf * bp)1186 xfs_buf_dquot_io_fail(
1187 	struct xfs_buf		*bp)
1188 {
1189 	struct xfs_log_item	*lip;
1190 
1191 	spin_lock(&bp->b_mount->m_ail->ail_lock);
1192 	list_for_each_entry(lip, &bp->b_li_list, li_bio_list)
1193 		xfs_set_li_failed(lip, bp);
1194 	spin_unlock(&bp->b_mount->m_ail->ail_lock);
1195 }
1196 
1197 /* Check incore dquot for errors before we flush. */
1198 static xfs_failaddr_t
xfs_qm_dqflush_check(struct xfs_dquot * dqp)1199 xfs_qm_dqflush_check(
1200 	struct xfs_dquot	*dqp)
1201 {
1202 	xfs_dqtype_t		type = xfs_dquot_type(dqp);
1203 
1204 	if (type != XFS_DQTYPE_USER &&
1205 	    type != XFS_DQTYPE_GROUP &&
1206 	    type != XFS_DQTYPE_PROJ)
1207 		return __this_address;
1208 
1209 	if (dqp->q_id == 0)
1210 		return NULL;
1211 
1212 	if (dqp->q_blk.softlimit && dqp->q_blk.count > dqp->q_blk.softlimit &&
1213 	    !dqp->q_blk.timer)
1214 		return __this_address;
1215 
1216 	if (dqp->q_ino.softlimit && dqp->q_ino.count > dqp->q_ino.softlimit &&
1217 	    !dqp->q_ino.timer)
1218 		return __this_address;
1219 
1220 	if (dqp->q_rtb.softlimit && dqp->q_rtb.count > dqp->q_rtb.softlimit &&
1221 	    !dqp->q_rtb.timer)
1222 		return __this_address;
1223 
1224 	/* bigtime flag should never be set on root dquots */
1225 	if (dqp->q_type & XFS_DQTYPE_BIGTIME) {
1226 		if (!xfs_has_bigtime(dqp->q_mount))
1227 			return __this_address;
1228 		if (dqp->q_id == 0)
1229 			return __this_address;
1230 	}
1231 
1232 	return NULL;
1233 }
1234 
1235 /*
1236  * Write a modified dquot to disk.
1237  * The dquot must be locked and the flush lock too taken by caller.
1238  * The flush lock will not be unlocked until the dquot reaches the disk,
1239  * but the dquot is free to be unlocked and modified by the caller
1240  * in the interim. Dquot is still locked on return. This behavior is
1241  * identical to that of inodes.
1242  */
1243 int
xfs_qm_dqflush(struct xfs_dquot * dqp,struct xfs_buf ** bpp)1244 xfs_qm_dqflush(
1245 	struct xfs_dquot	*dqp,
1246 	struct xfs_buf		**bpp)
1247 {
1248 	struct xfs_mount	*mp = dqp->q_mount;
1249 	struct xfs_log_item	*lip = &dqp->q_logitem.qli_item;
1250 	struct xfs_buf		*bp;
1251 	struct xfs_dqblk	*dqblk;
1252 	xfs_failaddr_t		fa;
1253 	int			error;
1254 
1255 	ASSERT(XFS_DQ_IS_LOCKED(dqp));
1256 	ASSERT(!completion_done(&dqp->q_flush));
1257 
1258 	trace_xfs_dqflush(dqp);
1259 
1260 	*bpp = NULL;
1261 
1262 	xfs_qm_dqunpin_wait(dqp);
1263 
1264 	/*
1265 	 * Get the buffer containing the on-disk dquot
1266 	 */
1267 	error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dqp->q_blkno,
1268 				   mp->m_quotainfo->qi_dqchunklen, XBF_TRYLOCK,
1269 				   &bp, &xfs_dquot_buf_ops);
1270 	if (error == -EAGAIN)
1271 		goto out_unlock;
1272 	if (xfs_metadata_is_sick(error))
1273 		xfs_dquot_mark_sick(dqp);
1274 	if (error)
1275 		goto out_abort;
1276 
1277 	fa = xfs_qm_dqflush_check(dqp);
1278 	if (fa) {
1279 		xfs_alert(mp, "corrupt dquot ID 0x%x in memory at %pS",
1280 				dqp->q_id, fa);
1281 		xfs_buf_relse(bp);
1282 		xfs_dquot_mark_sick(dqp);
1283 		error = -EFSCORRUPTED;
1284 		goto out_abort;
1285 	}
1286 
1287 	/* Flush the incore dquot to the ondisk buffer. */
1288 	dqblk = xfs_buf_offset(bp, dqp->q_bufoffset);
1289 	xfs_dquot_to_disk(&dqblk->dd_diskdq, dqp);
1290 
1291 	/*
1292 	 * Clear the dirty field and remember the flush lsn for later use.
1293 	 */
1294 	dqp->q_flags &= ~XFS_DQFLAG_DIRTY;
1295 
1296 	xfs_trans_ail_copy_lsn(mp->m_ail, &dqp->q_logitem.qli_flush_lsn,
1297 					&dqp->q_logitem.qli_item.li_lsn);
1298 
1299 	/*
1300 	 * copy the lsn into the on-disk dquot now while we have the in memory
1301 	 * dquot here. This can't be done later in the write verifier as we
1302 	 * can't get access to the log item at that point in time.
1303 	 *
1304 	 * We also calculate the CRC here so that the on-disk dquot in the
1305 	 * buffer always has a valid CRC. This ensures there is no possibility
1306 	 * of a dquot without an up-to-date CRC getting to disk.
1307 	 */
1308 	if (xfs_has_crc(mp)) {
1309 		dqblk->dd_lsn = cpu_to_be64(dqp->q_logitem.qli_item.li_lsn);
1310 		xfs_update_cksum((char *)dqblk, sizeof(struct xfs_dqblk),
1311 				 XFS_DQUOT_CRC_OFF);
1312 	}
1313 
1314 	/*
1315 	 * Attach the dquot to the buffer so that we can remove this dquot from
1316 	 * the AIL and release the flush lock once the dquot is synced to disk.
1317 	 */
1318 	bp->b_flags |= _XBF_DQUOTS;
1319 	list_add_tail(&dqp->q_logitem.qli_item.li_bio_list, &bp->b_li_list);
1320 
1321 	/*
1322 	 * If the buffer is pinned then push on the log so we won't
1323 	 * get stuck waiting in the write for too long.
1324 	 */
1325 	if (xfs_buf_ispinned(bp)) {
1326 		trace_xfs_dqflush_force(dqp);
1327 		xfs_log_force(mp, 0);
1328 	}
1329 
1330 	trace_xfs_dqflush_done(dqp);
1331 	*bpp = bp;
1332 	return 0;
1333 
1334 out_abort:
1335 	dqp->q_flags &= ~XFS_DQFLAG_DIRTY;
1336 	xfs_trans_ail_delete(lip, 0);
1337 	xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
1338 out_unlock:
1339 	xfs_dqfunlock(dqp);
1340 	return error;
1341 }
1342 
1343 /*
1344  * Lock two xfs_dquot structures.
1345  *
1346  * To avoid deadlocks we always lock the quota structure with
1347  * the lowerd id first.
1348  */
1349 void
xfs_dqlock2(struct xfs_dquot * d1,struct xfs_dquot * d2)1350 xfs_dqlock2(
1351 	struct xfs_dquot	*d1,
1352 	struct xfs_dquot	*d2)
1353 {
1354 	if (d1 && d2) {
1355 		ASSERT(d1 != d2);
1356 		if (d1->q_id > d2->q_id) {
1357 			mutex_lock(&d2->q_qlock);
1358 			mutex_lock_nested(&d1->q_qlock, XFS_QLOCK_NESTED);
1359 		} else {
1360 			mutex_lock(&d1->q_qlock);
1361 			mutex_lock_nested(&d2->q_qlock, XFS_QLOCK_NESTED);
1362 		}
1363 	} else if (d1) {
1364 		mutex_lock(&d1->q_qlock);
1365 	} else if (d2) {
1366 		mutex_lock(&d2->q_qlock);
1367 	}
1368 }
1369 
1370 static int
xfs_dqtrx_cmp(const void * a,const void * b)1371 xfs_dqtrx_cmp(
1372 	const void		*a,
1373 	const void		*b)
1374 {
1375 	const struct xfs_dqtrx	*qa = a;
1376 	const struct xfs_dqtrx	*qb = b;
1377 
1378 	if (qa->qt_dquot->q_id > qb->qt_dquot->q_id)
1379 		return 1;
1380 	if (qa->qt_dquot->q_id < qb->qt_dquot->q_id)
1381 		return -1;
1382 	return 0;
1383 }
1384 
1385 void
xfs_dqlockn(struct xfs_dqtrx * q)1386 xfs_dqlockn(
1387 	struct xfs_dqtrx	*q)
1388 {
1389 	unsigned int		i;
1390 
1391 	BUILD_BUG_ON(XFS_QM_TRANS_MAXDQS > MAX_LOCKDEP_SUBCLASSES);
1392 
1393 	/* Sort in order of dquot id, do not allow duplicates */
1394 	for (i = 0; i < XFS_QM_TRANS_MAXDQS && q[i].qt_dquot != NULL; i++) {
1395 		unsigned int	j;
1396 
1397 		for (j = 0; j < i; j++)
1398 			ASSERT(q[i].qt_dquot != q[j].qt_dquot);
1399 	}
1400 	if (i == 0)
1401 		return;
1402 
1403 	sort(q, i, sizeof(struct xfs_dqtrx), xfs_dqtrx_cmp, NULL);
1404 
1405 	mutex_lock(&q[0].qt_dquot->q_qlock);
1406 	for (i = 1; i < XFS_QM_TRANS_MAXDQS && q[i].qt_dquot != NULL; i++)
1407 		mutex_lock_nested(&q[i].qt_dquot->q_qlock,
1408 				XFS_QLOCK_NESTED + i - 1);
1409 }
1410 
1411 int __init
xfs_qm_init(void)1412 xfs_qm_init(void)
1413 {
1414 	xfs_dquot_cache = kmem_cache_create("xfs_dquot",
1415 					  sizeof(struct xfs_dquot),
1416 					  0, 0, NULL);
1417 	if (!xfs_dquot_cache)
1418 		goto out;
1419 
1420 	xfs_dqtrx_cache = kmem_cache_create("xfs_dqtrx",
1421 					     sizeof(struct xfs_dquot_acct),
1422 					     0, 0, NULL);
1423 	if (!xfs_dqtrx_cache)
1424 		goto out_free_dquot_cache;
1425 
1426 	return 0;
1427 
1428 out_free_dquot_cache:
1429 	kmem_cache_destroy(xfs_dquot_cache);
1430 out:
1431 	return -ENOMEM;
1432 }
1433 
1434 void
xfs_qm_exit(void)1435 xfs_qm_exit(void)
1436 {
1437 	kmem_cache_destroy(xfs_dqtrx_cache);
1438 	kmem_cache_destroy(xfs_dquot_cache);
1439 }
1440